/home/bill/System_maintenance/TLS 1.2, openssl/0_TLS1.2, openssl notes.txt
www.BillHowell.ca  28Dec2015 initial



http://www.cra-arc.gc.ca/ntcs/ntrnt_scrty-eng.html#h4
Canada Revenue Agency (CRA) requires TLS 1.2 for only services 
=> web-ppage says "FireFox has TLS encryption by default and there is no setting to enable"
(... only Windows is a laggard versus FireFox, Google, etc)

$ openssl version
>>  I have openssl 1.0.1j 15Oct2014

+-----+
http://serverfault.com/questions/638691/how-can-i-verify-if-tls-1-2-is-supported-on-a-remote-web-server-from-the-rhel-ce
Mike B  asked Oct 21 '14 at 20:39,  Michael Kjörling edited Oct 22 '14 at 14:13
I'm on CentOS 5.9.
I'd like to determine from the linux shell if a remote web server specifically supports TLS 1.2 (as opposed to TLS 1.0). Is there an easy way to check for that?
I'm not seeing a related option on openssl but perhaps I'm overlooking something.
linux centos openssl tls

Jacob answered Oct 21 '14 at 20:48
You should use openssl s_client, and the option you are looking for is -tls1_2.
An example command would be:
openssl s_client -connect google.com:443 -tls1_2
If you get the certificate chain and the handshake you know the system in question supports TLS 1.2. If you see don't see the certificate chain, and something similar to "handshake error" you know it does not support TLS 1.2. You can also test for TLS 1 or TLS 1.1 with -tls1 or tls1_1 respectively.
>>  Howell : this worked for me - lots of detailed feedback, but it got "stuck", perhaps because I don't have 1.2? (Ctrl-C to cancel)

same blog :
@Quanlong homebrew has openssl v1.0.2. Install it then run it with /usr/local/Cellar/openssl/1.0.2d_1/bin/openssl s_client -connect google.com:443 -tls1_2 – Xiao Aug 28 at 2:46 






enddoc